US11693940B2 · Active · Utility · PatentIndex 60
Partitioned platform security mechanism
Est. expiry: Jun 23, 2041 (~15 yrs left) · nominal 20-yr term from priority
G06F 21/73, G06F 21/33, G06F 21/572, G06F 21/44, G06F 21/575, G06F 21/71, G06F 2221/2129, G06F 21/85
PatentIndex Score: 60 · Cited by: 0 · References: 9 · Claims: 20
Abstract
A computer platform is disclosed. The computer platform comprises a central processing unit (CPU) including at least one socket having a plurality of tiles and control circuitry to partition the socket into a plurality of sub-sockets and assign a unique identity to each of the plurality of sub-sockets for security verification, wherein each sub-socket comprises at least one of the plurality of tiles to operate as a cluster of resources.
Claims
exact text as granted — not AI-modified
What is claimed is:
1. A computer platform comprising:
a central processing unit (CPU) including:
at least one socket having a plurality of tiles; and
control circuitry to partition the socket into a plurality of sub-sockets and assign a unique identity to each of the plurality of sub-sockets for security verification, wherein each sub-socket comprises at least one of the plurality of tiles to operate as a cluster of resources.
2. The computer platform of claim 1 , wherein assigning the unique identity to each of the plurality of sub-sockets comprises generating a first active component root of trust (AC-ROT) Leaf associated with a first of the plurality of sub-sockets and generating a second active component AC-ROT Leaf associated with a second of the plurality of sub-sockets.
3. The computer platform of claim 2 , wherein the first AC-ROT Leaf and the second AC-ROT Leaf are generated using an AC-ROT Root.
4. The computer platform of claim 3 , wherein the AC-ROT Root comprises an AC-ROT associated with the CPU.
5. The computer platform of claim 4 , wherein the AC-ROT Root operates as a certificate of authority to generate a first certificate chain associated with the first AC-ROT Leaf and a second certificate chain associated with the second AC-ROT Leaf.
6. The computer platform of claim 5 , wherein the certificate chain comprises a leaf identity, an indication that an identified Leaf has been cryptographically signed by the AC-ROT Root and an on-device device signature authority associated with a manufacturer of the CPU.
7. The computer platform of claim 6 , wherein the AC-ROT Leaf receives a device identifier public key signed by the AC-ROT Root.
8. The computer platform of claim 7 , wherein the platform further comprises a security engine to operate is a root of trust for the platform.
9. The computer platform of claim 8 , wherein the security engine verifies the identity of the first sub-socket via the first AC-ROT Leaf and verifies the identity of the second sub-socket via the second AC-ROT Leaf.
10. A method comprising:
detecting a partitioning of a central processing unit (CPU) socket having a plurality of tiles into plurality of plurality of sub-sockets; and
assigning a unique identity to each of the plurality of sub-sockets for security verification, wherein each sub-socket comprises at least one of the plurality of tiles to operate as a cluster of resources.
11. The method of claim 10 , wherein assigning the unique identity to each of the plurality of sub-sockets comprises:
generating a first active component root of trust (AC-ROT) Leaf associated with a first of the plurality of sub-sockets; and
generating a second active component AC-ROT Leaf associated with a second of the plurality of sub-sockets.
12. The method of claim 11 , wherein the first AC-ROT Leaf and the second AC-ROT Leaf are generated using an AC-ROT Root.
13. The method of claim 12 , wherein the AC-ROT Root comprises a CPU AC-ROT associated with the CPU.
14. The method of claim 13 , wherein the AC-ROT Root operates as a certificate of authority to generate a first certificate chain associated with the first AC-ROT Leaf and a second certificate chain associated with the second AC-ROT Leaf.
15. The method of claim 13 , further comprising:
verifying the identity of the first sub-socket via the first AC-ROT Leaf at a platform root of trust; and
verifying the identity of the second sub-socket via the second AC-ROT Leaf at the platform root of trust.
16. A system on chip (SOC) comprising:
a central processing unit (CPU) including:
at least one socket having a plurality of tiles; and
control circuitry to partition the socket into a plurality of sub-sockets and assign a unique identity to each of the plurality of sub-sockets for security verification, wherein each sub-socket comprises at least one of the plurality of tiles to operate as a cluster of resources; and
a security engine to verify the identity of the plurality of sub-sockets.
17. The SOC of claim 16 , wherein assigning the unique identity to each of the plurality of sub-sockets comprises generating a first active component root of trust (AC-ROT) Leaf associated with a first of the plurality of sub-sockets and generating a second active component AC-ROT Leaf associated with a second of the plurality of sub-sockets.
18. The SOC of claim 17 , wherein the first AC-ROT Leaf and the second AC-ROT Leaf are generated using an AC-ROT Root.
19. The SOC of claim 18 , wherein the AC-ROT Root operates as a certificate of authority to generate a first certificate chain associated with the first AC-ROT Leaf and a second certificate chain associated with the second AC-ROT Leaf.
20. The SOC of claim 19 , wherein the security engine verifies the identity of the first sub-socket via the first AC-ROT Leaf and verifies the identity of the second sub-socket via the second AC-ROT Leaf.
Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.